ClarkConnect Internet GatewayAdded 2003-12-05by Peter Baldwin
ClarkConnect is a software package that transforms an old beat up PC into a smart, simple, and secure Internet gateway and server for your home or small office network. In addition to connection sharing, the software comes with a strong firewall, Apache, dynamic DNS utilities, and Samba filesharing. The software is based on Red Hat Linux.

Bastille LinuxAdded 2003-05-26by Jay Beale
Bastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat, Mandrake, and Debian Linux, along with HP-UX. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.

Shilosh OSAdded 2002-07-08by Stefan Ilivanov
Shilosh OS provides a secure and stable operating system based on a highly modified Linux kernel, with its own package system similar to BSD's "ports". Compatible with x86 and Power PC, it is also 99% compatible with Windows 9x. It is easy to use and includes complete documentation in many languages.

CylantSecure: Linux Kernel PluginAdded 2002-04-09by Scott Wimer
CylantSecure is a complete security architecture that currently provides a security plug-in for the Linux kernel. It enables a user to protect and reject both known and novel attacks in real time. It makes use of a number of Open Source technologies. It provides an XML and GTK+ based administration interface, and secures all communication with OpenSSL. Our product is currently being released with support for 2.2 kernels on RedHat 6.x systems.

Linux Intrusion Detection System LSM (Linux Security Module)Added 2002-04-02by Huagang Xie
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

WebSecure4LinuxAdded 2001-12-19by Ian Goldberg
WebSecure4Linux is a simple, unofficial Linux client for the Freedom WebSecure service (see http://www.freedom.net/products/websecure/). Zero-Knowledge Systems runs the service and provides a Windows client, but is not responsible for this Linux client. Note that you will need to sign up for the service before this client will operate. It currently supports HTTP on all versions of Linux, and HTTPS is supported under Linux 2.4. WebSecure4Linux is not feature-complete and it is slow. It's written in Perl, and forks for each Web connection.

LCAP Linux Kernel Capability RemoverAdded 2001-10-22by Spoon, spoon@ix.netcom.com
"Capabilities" are a form of kernel-based access control. Linux kernel versions 2.2.11 and greater include the idea of a "capability bounding set". The bounding set is a list of capabilities that can be held by any process on the system. If a capability is removed from the bounding set, the capability may not be used by any process on the system (even processes owned by root).
LCAP allows a system administrator to remove specific capabilities from the kernel in order to make the system more secure. LCAP modifies the value in the sysctl file "/proc/sys/kernel/cap-bound".

SPIRO-Bastille 1.0Added 2001-10-22by Rick Collette, rcollette@inventivecomm.com
SPIRO-Bastille attempts to make your system ultra secure by periodically checking the SPIRO-Linux website for security updates. It hardens the system from various attacks while adjusting ftpd, inetd, console security, remote access, etc. It is based up on the original Bastille-Linux Hardening System.